Forensic Blogs

An aggregator for digital forensics blogs

by

Quickpost: curl And SSPI Proxy Authentication

curl with SSPI feature supports integrated authentication to a proxy: you don’t need to provide credentials.

The command is the following:

curl –proxy proxyname:8080 –proxy-ntlm -U : https://www.didierstevens.com/index.html

This curl command uses a proxy (–proxy) and authenticates to the proxy (–proxy-ntlm) without providing explicit credentials (-U :).

curl will use an SSPI to perform integrated authentication to the proxy. This is explained on curl’s man page:

If you use a Windows SSPI-enabled curl binary and do either Negotiate or NTLM authentication then you can tell curl to select the user name and password from your environment by specifying a single colon with this option: “-U :”.

curl’s SSPI feature can also be used to authenticate to an internal IIS server.

Windows’ build-in curl version supports SSPI. You can use the version option to check if your version of curl supports SSPI:

 

Quickpost info

by

Quickpost: Go: Building For Multiple Operating Systems

To compile a Go program for multiple operating systems on a single machine, set environment variables GOOS and GOARCH accordingly.

GOOS (Go Operating System):

set GOOS=windows set GOOS=linux set GOOS=darwin

GOARCH (Go Architecture):

set GOARCH=386 set GOARCH=amd64

More values here.

Example program:

package main import "fmt" func main() { fmt.Printf("hello, world\n") }

Build command on Windows for Linux 32-bit ELF file:
set GOOS=linux
set GOARCH=386
c:\Go\bin\go.exe build -o program.exe program.go

Quickpost info

by

Quickpost: Empty ZIP File

As a reminder to myself, here is the hexdump of an empty ZIP file: 50 4B 05 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

And here is the cut-bytes.py command to generate an empty ZIP file:

C:\Demo>cut-bytes.py -a : #e#’PK’+0x0506+repeat(0x12,0x00)
00000000: 50 4B 05 06 00 00 00 00 00 00 00 00 00 00 00 00 PK…………..
00000010: 00 00 00 00 00 00 ……

Quickpost info